Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Is there a way to extract fields which is : separated

Hema_Nithya
Explorer
‎11-07-2023 09:53 AM

John:x:/home/John:/bin/bash 

 

is there a way to extract the field from above with colon separated.  We have many users in the above format from /etc/passwd 

John - username 

x - passwd 

/home/John - path 

Labels (3)
Labels
Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎11-07-2023 10:19 AM 
| rex "(?<username>[^:]+):(?<passwd>[^:]+):(?<path>[^:]+)"

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎11-07-2023 10:19 AM 
| rex "(?<username>[^:]+):(?<passwd>[^:]+):(?<path>[^:]+)"
0 Karma
Reply
Solved! Jump to solution

Hema_Nithya
Explorer
‎11-27-2023 11:51 PM

How to deal with the empty fields between . Example there is empty field between passwd and after home directory 

userid:passwd: :/home/John: : 

0 Karma
Reply
Solved! Jump to solution

ITWhisperer
SplunkTrust
SplunkTrust
‎11-28-2023 01:21 AM 
| rex "(?<username>[^:]*):(?<passwd>[^:]*):(?<path>[^:]*)"
0 Karma
Reply
Solved! Jump to solution

Hema_Nithya
Explorer
‎11-07-2023 11:16 AM

Thank you , let me check and update you ! 

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk App for Anomaly Detection End of Life Announcment

Q: What is happening to the Splunk App for Anomaly Detection?A: Splunk is officially announcing the ...

Aligning Observability Costs with Business Value: Practical Strategies

 Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...